Bee Token Stung with a Phishing Scam that Cost Investors $1M of Ethereum

Cryptocurrency startup Bee Token confirmed that scammers conned its investors out of at least $928,000 worth of ethereum when it ran its initial coin offering (ICO). The fraudsters who phished the investors posed as the Bee Token team, urging them to quickly capitalize on the ICO to gain a significantly higher return on investment. The scheme involved the phishers sending would-be buyers an Ethereum address or a QR code that redirects them to the address. The earliest transaction occurred on January 31, at nearly the same time Bee Token ran its ICO.

Bee Token is the cryptocurrency of Beenest, a decentralized home-sharing and house rental network much like Airbnb. It is a real-world example of applying blockchain technology to an industry, which, in this case, is short-term housing and hospitality. Beenest held an ICO (presale of its Bee tokens) in January to raise enough crowdfunded capital to launch the project. Presale ICOs are usually done to test the waters to see if the project has garnered enough interest, and investors are incentivized with discounted offers.

Bee Token’s case is a classic example of phishing, where perpetrators try to lend themselves credibility and legitimacy while inciting a sense of urgency in would-be victims in order to cash in on their bank accounts and even personal data that they can monetize. And Bee Token wasn’t just a one-off incident. In late January, hackers phished participants of the Experty ICO (meant for setting up a Skype-like application) and got away with ethereum worth $150,000.

Cryptocurrency’s real-world leverage is indeed drawing cybercriminal attention. But phishing isn’t the only favored technique. In fact, the use of cryptocurrency-mining malware and botnets that turn devices into resource-stealing zombies is increasing.

Just this week, a worm-like Monero-mining malware (ADB.Miner) has been gaining ground in China and South Korea, so far affecting Android-powered devices. It abuses Android Debug Bridge (ADB), a command-line tool that facilitates various functionalities, such as installing and debugging applications. ADB.Miner has the scanning capability of the infamous Mirai, searching for open port 5555 (which is part of ADB’s port range). And it’s not just cybercriminals. Cyberespionage campaign PZChao was recently seen deploying custom-built information stealers and remote access Trojans that also mine bitcoins.

The surge of malicious cryptocurrency mining activities would only translate to cybercriminals looking for more ways to zombify devices — from abusing legitimate services and exploiting vulnerabilities and system weaknesses to using tried-and-tested techniques such as phishing. These incidents highlight the significance of defense in depth, or arraying defenses at each layer of the infrastructure to mitigate and lessen exposure to threats.

In cases like Bee Token’s, apply best practices against phishing: Beware of suspicious emails with equally dodgy requests, such as those that ask for more personal information than necessary. The sender's display names can also reveal phishing red flags. Bee Token investors were duped by scammers using fake email addresses instead of ones officially used by the Bee Token team. Phishing emails, like those used in Business Email Compromise attacks, are also written with a sense of urgency. Social engineering is a vital component in phishing, so users and businesses should be more security-aware: If the phishing email offers something that seems too good to be true, it usually is.
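The red flags described above (a display name claiming the brand while the address sits on an unofficial domain, urgency wording, and a wallet address delivered by email) can be checked mechanically. The following is an added example, not code from the original article or from Bee Token; the brand string, the `example.org` official domain, the keyword list and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the brand string and its official sending domain.
BRAND = "beetoken"
OFFICIAL_DOMAINS = {"example.org"}  # placeholder, not the project's real domain

ETH_ADDRESS = re.compile(r"\b0x[0-9a-fA-F]{40}\b")
URGENCY = re.compile(r"\b(hurry|act now|last chance|only \d+ hours?|immediately)\b", re.I)

def _is_official(domain):
    return any(domain == d or domain.endswith("." + d) for d in OFFICIAL_DOMAINS)

def phishing_flags(raw_message):
    """Return the list of red flags found in one RFC 5322 message string."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = "\n".join(
        part.get_payload(decode=True).decode("utf-8", "replace")
        for part in msg.walk() if part.get_content_type() == "text/plain"
    )
    flags = []
    # Display name claims the brand, but the address is not on an official domain.
    if BRAND in re.sub(r"[^a-z0-9]", "", display.lower()) and not _is_official(domain):
        flags.append("brand_from_unofficial_domain")
    if URGENCY.search(msg.get("Subject", "") + "\n" + body):
        flags.append("urgency_language")
    # A wallet address delivered by email rather than via the official site.
    if ETH_ADDRESS.search(body):
        flags.append("payment_address_in_body")
    return flags

# Constructed sample messages (not real emails from the incident).
FAKE_WALLET = "0x" + "ab12" * 10
PHISH = (
    'From: "Bee Token Team" <ico@beetoken-sale.example>\n'
    "Subject: Bonus round closing\n\n"
    f"Hurry, the bonus is open for only 6 hours. Send ETH to {FAKE_WALLET}\n"
)
LEGIT = (
    'From: "Bee Token Team" <team@example.org>\n'
    "Subject: Presale schedule\n\n"
    "The presale schedule is published on our website.\n"
)

if __name__ == "__main__":
    print(phishing_flags(PHISH))
    print(phishing_flags(LEGIT))
```

A message that raises the first flag together with either of the others matches the pattern described in this incident and is worth quarantining for review.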
